Saturday, March 23, 2013

Generally, netstat command is used to check port is
listening or not. But actually, there are lots of things we can check with the
netstat command in Linux. Let’s understand the some examples of the netstat
command to get desired result.

1.List out all open ports of Linux server: netstat –a

root@hello:~#netstat -a

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 localhost:mysql *:* LISTEN

tcp 0 0 *:www *:* LISTEN

tcp 0 0 *:webmin *:* LISTEN

tcp 0 0 ctier.local:domain *:* LISTEN

tcp 0 0 localhost:domain *:* LISTEN

tcp 0 0 *:ssh *:* LISTEN

2.List only open TCP ports of server: netstat –at

root@hello:~#netstat -at

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 localhost:mysql *:* LISTEN

tcp 0 0 *:www *:* LISTEN

3.List only open UDP ports of server: netstat –au

root@ctier:~# netstat -au

Active Internet connections
(servers and established)

Proto Recv-Q Send-Q Local
Address Foreign Address State

udp 0 0 *:10000 *:*

udp 0 0 *:50715 *:*

udp 0 0 *:bootpc *:*

udp 0 0 *:snmp *:*

4.Now, you can see the statistics of UDP and TCP
ports by commands as below : netstat –st
or netstat –su

[redhat@localhost ~]$ netstat -st

IcmpMsg:

InType3: 1

InType8: 1

OutType0: 1

OutType3: 11

Tcp:

681 active connections openings

1 passive connection openings

8 failed connection attempts

4 connection resets received

3 connections established

15811 segments received

13669 segments send out

8 segments retransmited

0 bad segments received.

147 resets sent

UdpLite:

TcpExt:

564 TCP sockets finished time wait in
fast timer

4 time wait sockets recycled by time
stamp

236 delayed acks sent

1 packets directly queued to recvmsg
prequeue.

8564 packets header predicted

818 acknowledgments
not containing data received

5.Now, if
you want to see the all ports which are in LISTENING mode only type command as

netstat
-l and only for TCP listening ports netstat –lt and for UDP : netstat
–lu

[redhat@localhost ~]$ netstat -l | head

Active Internet connections
(only servers)

Proto Recv-Q Send-Q Local
Address Foreign
Address State

tcp 0 0 *:ssh *:*
LISTEN

tcp 0 0 localhost.localdomain:smtp *:*
LISTEN

tcp 0 0 *:44626 *:*
LISTEN

tcp 0 0 *:ssh *:*
LISTEN

……

[redhat@localhost ~]$ netstat -lu

Active Internet connections
(only servers)

Proto Recv-Q Send-Q Local
Address Foreign
Address State

udp 0 0 *:mdns *:*

udp 0 0 *:bootpc *:*

udp 0 0 *:58959 *:*

[redhat@localhost ~]$

[redhat@localhost ~]$ netstat -lt

Active Internet connections
(only servers)

Proto Recv-Q Send-Q Local
Address Foreign
Address State

tcp 0 0 *:ssh *:*
LISTEN

tcp 0 0 localhost.localdomain:smtp
*:*
LISTEN

tcp 0 0 *:44626 *:*
LISTEN

tcp 0 0 *:ssh *:*
LISTEN

[redhat@localhost ~]$

6.List the ports which are listening unix ports
using netstat –lx

[redhat@localhost ~]$ netstat -lx | head

Active UNIX domain sockets
(only servers)

Proto RefCnt Flags Type State I-Node Path

unix 2
[ ACC ] STREAM LISTENING 11846
/var/run/acpid.socket

unix 2
[ ACC ] STREAM LISTENING 12271
/var/run/sdp

unix 2
[ ACC ] STREAM LISTENING 12564
public/cleanup

unix 2
[ ACC ] STREAM LISTENING 12572
private/tlsmgr

unix 2
[ ACC ] STREAM LISTENING 12576
private/rewrite

unix 2
[ ACC ] STREAM LISTENING 11573
/var/run/dbus/system_bus_socket

unix 2
[ ACC ] STREAM LISTENING 12580
private/bounce

unix 2
[ ACC ] STREAM LISTENING 12584
private/defer

7.If you want to know the program which using
specific port then use : netstat -p

[redhat@localhost ~]$ netstat -p | head -20

(Not all processes could be
identified, non-owned process info

will not be shown, you would have to be root
to see it all.)

Active Internet connections
(w/o servers)

Proto Recv-Q Send-Q Local
Address Foreign
Address State PID/Program name